[ntp:questions] Re: exporting NTP from the US
David L. Mills
mills at udel.edu
Thu Mar 30 18:03:24 UTC 2006
Add this to your bag of silly stories.
I had heard of a professor at a California university that was
threatened with prosecution because there were Chinese nationals in his
class on cyrptographic algorithms. I put this issue to my DARPA program
manager and asked for official clarification, as I also have Chinese
nationals in my class on computer security. The <official> answer was
this was okay as long as the Chinese nationals "took no documents or
notes upon returning to China." The DARPA official even managed to say
that with a straight face.
Times have changed. Thirty years ago it was illegal to encrypt anything
Terje Mathisen wrote:
> alan.kiecker wrote:
>> Thanks, Harlan.
>> We are planning on using the NTP package that Meinberg has available
>> for Windows. Many of our customers isolate their private networks from
>> the Internet making it difficult for them to download the package so we
>> are planning on making it available to them on our own release media.
>> This in effect would make us an exporter, and consequently my
>> The package as downloaded from Meinberg includes both the SSLeay32.dll
>> and libeay32.dll libraries. The following FAQ
>> mentions some ITAR issues concerning SSL but does not really go into
>> details. I am assuming that these two libraries, which are used by
>> NTP, contain the encryption algorithms that are of concern. Since the
>> API of these libraries is well documented on the Internet, anyone would
>> be able to make use of the encryption algorithms once they have the
>> Any advice would be appreciated.
> My considered advice is this:
> Simply forget about it!
> The source code is freely available, everywhere, including those states
> that the US classified as 'The Axis of Evil' once upon a time, and so
> are compilers capable of regenerating the binaries.
> At this point the theoretical possibility of using Unisys media as way
> to get access to SSL libraries, and then use them for terrorist activity
> seems quite farfetched to me.
> OTOH, I'm not a US citizen, so I'm not bound by what I consider to be a
> particularly stupid US law. :-)
>> -- al
More information about the questions